apiVersion: v1 kind: Template metadata: name: service-catalog-role-bindings objects: - apiVersion: authorization.openshift.io/v1 kind: ClusterRole metadata: name: servicecatalog-serviceclass-viewer rules: - apiGroups: - servicecatalog.k8s.io resources: - clusterserviceclasses - clusterserviceplans verbs: - list - watch - get - apiVersion: authorization.openshift.io/v1 kind: ClusterRoleBinding metadata: name: servicecatalog-serviceclass-viewer-binding roleRef: name: servicecatalog-serviceclass-viewer groupNames: - system:authenticated - kind: ServiceAccount apiVersion: v1 metadata: name: service-catalog-controller - kind: ServiceAccount apiVersion: v1 metadata: name: service-catalog-apiserver - apiVersion: authorization.openshift.io/v1 kind: ClusterRole metadata: name: sar-creator rules: - apiGroups: - "" resources: - subjectaccessreviews.authorization.k8s.io verbs: - create - apiVersion: authorization.openshift.io/v1 kind: ClusterRoleBinding metadata: name: service-catalog-sar-creator-binding roleRef: name: sar-creator subjects: - kind: ServiceAccount name: service-catalog-apiserver namespace: kube-service-catalog - apiVersion: authorization.openshift.io/v1 kind: ClusterRole metadata: name: namespace-viewer rules: - apiGroups: - "" resources: - namespaces verbs: - list - watch - get - apiVersion: authorization.openshift.io/v1 kind: ClusterRoleBinding metadata: name: service-catalog-namespace-viewer-binding roleRef: name: namespace-viewer subjects: - kind: ServiceAccount name: service-catalog-apiserver namespace: kube-service-catalog - apiVersion: authorization.openshift.io/v1 kind: ClusterRoleBinding metadata: name: service-catalog-controller-namespace-viewer-binding roleRef: name: namespace-viewer subjects: - kind: ServiceAccount name: service-catalog-controller namespace: kube-service-catalog - apiVersion: authorization.openshift.io/v1 kind: ClusterRole metadata: name: service-catalog-controller rules: - apiGroups: - "" resources: - secrets verbs: - create - update - patch - delete - get - list - watch - apiGroups: - servicecatalog.k8s.io resources: - clusterservicebrokers/status - clusterserviceclasses/status - clusterserviceplans/status - serviceinstances/status - servicebindings/status - servicebindings/finalizers - serviceinstances/reference verbs: - update - apiGroups: - servicecatalog.k8s.io resources: - clusterservicebrokers - serviceinstances - servicebindings verbs: - list - get - watch - apiGroups: - "" resources: - events verbs: - patch - create - apiGroups: - servicecatalog.k8s.io resources: - clusterserviceclasses - clusterserviceplans verbs: - create - delete - update - patch - get - list - watch - apiGroups: - settings.k8s.io resources: - podpresets verbs: - create - update - delete - get - list - watch - apiVersion: authorization.openshift.io/v1 kind: ClusterRoleBinding metadata: name: service-catalog-controller-binding roleRef: name: service-catalog-controller subjects: - kind: ServiceAccount name: service-catalog-controller namespace: kube-service-catalog - apiVersion: authorization.openshift.io/v1 kind: Role metadata: name: endpoint-accessor rules: - apiGroups: - "" resources: - endpoints verbs: - list - watch - get - create - update - apiVersion: authorization.openshift.io/v1 kind: RoleBinding metadata: name: endpointer-accessor-binding roleRef: name: endpoint-accessor namespace: kube-service-catalog subjects: - kind: ServiceAccount namespace: kube-service-catalog name: service-catalog-controller - apiVersion: authorization.openshift.io/v1 kind: ClusterRoleBinding metadata: name: system:auth-delegator-binding roleRef: name: system:auth-delegator subjects: - kind: ServiceAccount name: service-catalog-apiserver namespace: kube-service-catalog